Description:
Multiple vulnerabilities were reported in Microsoft Edge. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user can create specially crafted content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target user's system [CVE-2017-0200].

A remote user can create specially crafted content that, when loaded by the target user, will trigger an object memory handling error in the Chakra scripting engine and access potentially sensitive information on the target user's system [CVE-2017-0208].

A remote user can create specially crafted content that, when loaded by the target user, will trigger an object memory handling error in the scripting engine and execute arbitrary code on the target user's system [CVE-2017-0093].

A remote user can create specially crafted content that, when loaded by the target user, will trigger an object memory handling error in the browser and execute arbitrary code on the target user's system [CVE-2017-0205].

bee13oy of CloverSec Labs and SkyLined reported some of these vulnerabilities.

Impact:
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass security controls on the target system.

A remote user can obtain potentially sensitive information on the target system.